RE: [Zope] Disabling anonymous webdav access
Are WebDAV requests HTTP GET requests? Or are they PUT?

I ask because there might be a way to filter public access with a reverse-proxy to certain URLs (with, for example, a Squid redirector). Whether or not this kind of thing would work for certain types of WebDAV traffic, such as viewing folder contents, depends on the anatomy of a WebDAV request...

Thoughts?

Sean

-----Original Message-----
From: Jerome Alet [mailto:alet@unice.fr]
Sent: Friday, May 18, 2001 8:36 AM
To: zope@zope.org
Subject: RE: [Zope] Disabling anonymous webdav access

On Fri, 18 May 2001, Brian Lloyd wrote:

> Ivo), I propose that it default to "Manager, Anonymous" so that current behavior is preserved. In other words, I think it is better that sites continue to work exactly as before after the change (but that the manager can then go turn off anonymous DAV access), rather than have sites suddenly "stop working with WebDAV" until the manager goes and gives anonymous that permission.
>
> Thoughts?

Here's mine, for a future version of Zope: What would be nice is an installation/launching option for Zope's security to be set to maximum security by default, i.e. anonymous wouldn't even have the View permission by default, and the admin would have to manually set the anonymous permissions. Kind of like the ALL: PARANOID in /etc/hosts.deny and no hosts.allow file.

What would be even better is that such a thing doesn't appear in Zope before I understand completely how the permission system really works ;-)

bye,

Jerome Alet

_______________________________________________
Zope maillist - Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
From: sean.upton@uniontrib.com

> I ask because there might be a way to filter public access with a reverse-proxy to certain URLs (with, for example, a Squid redirector). Whether or not this kind of thing would work for certain types of WebDAV traffic, such as viewing folder contents, depends on the anatomy of a WebDAV request...

You could easily limit the port to be accessed only by certain IP addresses (ranges, other criteria) with xinetd (if you're on Linux)
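The two ideas above (filter at a reverse proxy by request shape; restrict the port by source address with xinetd) both hinge on the anatomy of a WebDAV request. WebDAV (RFC 4918) adds its own HTTP methods (PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK) on top of plain GET, PUT and DELETE, which look exactly like non-DAV requests. The following is an added example, not code from the thread or from Zope: a small WSGI middleware that refuses the DAV-specific verbs unless the client comes from an allow-listed network or at least presents an Authorization header (credential validation is left to the upstream application), while GET and PUT pass through untouched because nothing at the proxy can tell a DAV GET from a browser GET. The networks, addresses and the upstream stub are constructed for the example.

```python
"""Edge-level gate for WebDAV traffic (added example; not from the thread).

A reverse proxy can recognise "structure-inspecting" DAV traffic by method
name, but it cannot distinguish a DAV GET/PUT from a non-DAV one, so only the
DAV-specific verbs are gated here. Credentials are not checked at this layer;
the upstream (Zope, in the thread) still validates them.
"""
import ipaddress

# Verbs that exist only because of WebDAV (RFC 4918).
DAV_METHODS = frozenset(
    {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
)


def is_dav_specific(method: str) -> bool:
    """True only for DAV-specific verbs; GET/PUT/DELETE return False."""
    return method.upper() in DAV_METHODS


def dav_gate(app, allowed_networks):
    """Wrap a WSGI app: DAV-only verbs need a trusted source or credentials."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]

    def trusted(addr: str) -> bool:
        # xinetd-style source restriction, done in the proxy instead.
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False
        return any(ip in n for n in nets)

    def middleware(environ, start_response):
        method = environ.get("REQUEST_METHOD", "GET")
        if is_dav_specific(method):
            has_creds = "HTTP_AUTHORIZATION" in environ
            if not (has_creds or trusted(environ.get("REMOTE_ADDR", ""))):
                # Challenge for credentials rather than silently dropping.
                start_response(
                    "401 Unauthorized",
                    [("WWW-Authenticate", 'Basic realm="Zope"'),
                     ("Content-Type", "text/plain")],
                )
                return [b"WebDAV access requires authentication\n"]
        return app(environ, start_response)

    return middleware


def _upstream(environ, start_response):
    """Stand-in for Zope (constructed): echoes the method it was allowed to see."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [environ["REQUEST_METHOD"].encode()]


def simulate(method, remote_addr, authorization=None,
             allowed_networks=("10.0.0.0/8",)):
    """Run one constructed request through the gate; return (status, body)."""
    environ = {"REQUEST_METHOD": method, "REMOTE_ADDR": remote_addr,
               "PATH_INFO": "/"}
    if authorization:
        environ["HTTP_AUTHORIZATION"] = authorization
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    gated = dav_gate(_upstream, allowed_networks)
    body = b"".join(gated(environ, start_response))
    return captured["status"], body.decode()


if __name__ == "__main__":
    print(simulate("PROPFIND", "203.0.113.7"))   # refused at the edge
    print(simulate("PROPFIND", "10.1.2.3"))      # inside the trusted network
    print(simulate("GET", "203.0.113.7"))        # indistinguishable from a browser GET
```

The gate only ever says "no" to the DAV-specific verbs; a site whose content is already reachable by GET stays reachable, which is exactly why this layer cannot replace a permission check inside the application.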
> Are WebDAV requests HTTP GET requests? Or are they PUT?
>
> I ask because there might be a way to filter public access with a reverse-proxy to certain URLs (with, for example, a Squid redirector). Whether or not this kind of thing would work for certain types of WebDAV traffic, such as viewing folder contents, depends on the anatomy of a WebDAV request...

The idea of "restricting access by protocol" is still an open issue, and a relatively hard one to integrate with the intent of permissions in Zope (which are action-oriented rather than protocol-oriented). The proposed DAV change is something of a hack that happens to give most people what they want: the ability to keep people from using any old DAV client to inspect the structure of their site. By protecting "PROPFIND" (a DAV HTTP verb) with a specific permission, the effect is that clients will be effectively unable to list site contents if you don't want them to.

As far as GET / PUT, these are not distinguishable from a non-DAV GET / PUT (but those operations are protected by action-specific permissions anyway).

So this is not a 100% solution, just one that happens to be a light-weight way to allow people to solve their immediate problem (in basically the same way we solve it for FTP).

Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com
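Brian's description above (verbs map to actions, actions to permissions, PROPFIND gets a permission of its own, GET/PUT keep the permissions of their non-DAV twins, and the new permission defaults to "Manager, Anonymous" so that a manager can later remove Anonymous) can be modelled in a few lines. This is an added example written for this thread, not Zope's own implementation: the permission names "WebDAV access" and "Change Images and Files" are assumed names, and the grants dictionaries are constructed. It also includes Jerome's "ALL: PARANOID" default from earlier in the thread so the two defaults can be compared.

```python
"""Action-oriented permission check in the style of the proposal above
(added example, not Zope's code).

Each HTTP verb maps to the action it performs; each action to a permission;
each permission to the roles granted it on a folder. Only PROPFIND is
DAV-specific; GET and PUT share permissions with non-DAV requests.
"""

# Verb -> permission. Permission names are assumed for the example.
VERB_PERMISSION = {
    "GET": "View",
    "PUT": "Change Images and Files",
    "PROPFIND": "WebDAV access",
}

# Proposed default: Anonymous keeps DAV listing so existing sites keep working.
DEFAULT_GRANTS = {
    "View": {"Manager", "Anonymous"},
    "Change Images and Files": {"Manager"},
    "WebDAV access": {"Manager", "Anonymous"},
}

# Jerome's alternative: maximum security by default, admin opens up later.
PARANOID_GRANTS = {perm: {"Manager"} for perm in DEFAULT_GRANTS}


def check(verb, user_roles, grants):
    """True if any of the user's roles holds the permission the verb needs.

    Verbs with no mapped action (e.g. MKCOL here) are denied: no action,
    no permission, no access.
    """
    permission = VERB_PERMISSION.get(verb.upper())
    if permission is None:
        return False
    return bool(set(user_roles) & grants.get(permission, set()))


def tighten(grants, permission, role):
    """Return a copy of `grants` with `role` removed from `permission`.

    This is the "manager goes and turns off anonymous DAV access" step;
    the original mapping is left untouched.
    """
    new = {perm: set(roles) for perm, roles in grants.items()}
    new.setdefault(permission, set()).discard(role)
    return new


if __name__ == "__main__":
    anon = {"Anonymous"}
    print("default, anonymous PROPFIND:", check("PROPFIND", anon, DEFAULT_GRANTS))
    locked = tighten(DEFAULT_GRANTS, "WebDAV access", "Anonymous")
    print("after tighten, anonymous PROPFIND:", check("PROPFIND", anon, locked))
    print("after tighten, anonymous GET:", check("GET", anon, locked))
    print("paranoid, anonymous GET:", check("GET", anon, PARANOID_GRANTS))
```

Removing Anonymous from the DAV permission stops directory listing through PROPFIND while leaving GET exactly as before, which is the whole of what the proposal buys; the GET/PUT rows show why a protocol cannot be told apart at this level.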
Hi Brian,

> As far as GET / PUT, these are not distinguishable from a non-DAV GET / PUT (but those operations are protected by action-specific permissions anyway).
>
> So this is not a 100% solution, just one that happens to be a light-weight way to allow people to solve their immediate problem (in basically the same way we solve it for FTP).

Ok, so what do you propose Brian? You have a point by stating that you want the Zope permission system to be action-based instead of protocol-based. But then: listing a site's content via the DAV protocol does not work the same as via the normal HTTP-based protocol: when index_html is present, the site's content (and sub-directory structure) is effectively masked via normal HTTP access (I think).

So when a certain permission (like Access Contents Information) effectively behaves differently under different access protocols, this action-based permission policy seems to me to be inadequate...

Greetings,

Antwan.
> Ok, so what do you propose Brian? You have a point by stating that you want the Zope permission system to be action-based instead of protocol-based. But then: listing a site's content via the DAV protocol does not work the same as via the normal HTTP-based protocol: when index_html is present, the site's content (and sub-directory structure) is effectively masked via normal HTTP access (I think).
>
> So when a certain permission (like Access Contents Information) effectively behaves differently under different access protocols, this action-based permission policy seems to me to be inadequate...

I agree that it is inadequate; what I am proposing is not an ultimate solution for that, it is a short term fix to solve some people's immediate problem (exposing site structure via DAV PROPFIND).

Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com
participants (4)

- Antwan Reijnen
- Brian Lloyd
- marc lindahl
- sean.upton@uniontrib.com